#python

hundreds-gpu-71155

01/09/2024, 8:34 PM
is there a pattern for breaking up one big resource into smaller ones? In particular, I'm looking at the tailscale integration, where there's one big ACL resource, and I'd like to break that up into individual tags and grants and stuff

billowy-army-68599

01/09/2024, 8:43 PM
tailscale’s acl resource doesn’t support this, sadly, it’s one big API. very frustrating 😞

hundreds-gpu-71155

01/09/2024, 8:46 PM
yeah. I was thinking maybe in the python layer, there's a way to define virtual resources that get automatically consolidated into the real ACL resource
just figured i'd ask around before i go committing black magick

billowy-army-68599

01/09/2024, 8:47 PM
that’s an interesting idea, the ACL is just a JSON dict, let me mull it over

hundreds-gpu-71155

01/09/2024, 8:48 PM
maybe make a component resource that's a context manager and calls `register_outputs()` in the `__exit__` instead of the `__init__` or sets up a collection point on the first call and then compiles the acl document when the run is finished (triggered by ???)

billowy-army-68599

01/09/2024, 8:51 PM
the latter is what I initially thought, it could even just be a componentresource that outputs a string, then does `pulumi.Output.all` to concat them at a base level

hundreds-gpu-71155

01/09/2024, 8:54 PM
i already wrote some framework that might be usable in the former for azure environments (you set the current environment through a context manager, other components can ask for the current environment to get stuff like resource groups and networks)
so the more i think about this, the more I think that the tailscale module is just a bad abstraction. In addition to all the stuff discussed above about the ACL document actually being a bunch of resources compiled together, managing machine properties is really annoying. So, you can't create a machine in Tailscale. You create an auth key, hand it to the machine, and the machine creates itself. Which means that to manage machine properties (eg tags or key expiry), you have two different regimes:
• If the machine doesn't exist yet, you attach them to the auth key when you (re)create it
• If the machine does exist, you modify its properties
The current module manages Machines and Authkeys as distinct resources, which means that coordinating tailscale resources with VM creation is.... annoying, ugly, and probably causes some weirdness in the stack state. I would much rather condense them into one resource that does the appropriate switching behind the scenes.
(i don't even know how to get the tailscale provider linked with the VM, so that if the VM is recreated, the Tailscale bits are also recreated)